Aug 26 2016

“Moreno Ambrosin, Mauro Conti, Ahmad Ibrahim, Gregory Neven, Ahmad-Reza Sadeghi, and Matthias Schunter: SANA: Secure and Scalable Aggregate Network Attestation, ACM Conference on Computer and Communications Security, ACM Press 2016.”


Large numbers of smart connected devices, also known as the Internet
of Things (IoT), are permeating our environments (homes,
factories, cars, and also our body—with wearable devices) to collect
data and act on the insight derived. Ensuring software integrity (including
OS, apps, and configurations) on such smart devices is then
essential to guarantee both privacy and safety. A key mechanism to
protect the software integrity of these devices is remote attestation:
A process that allows a remote verifier to validate the integrity of
the software of a device. This process usually makes use of a signed
hash value of the actual device’s software, generated by dedicated
hardware. While individual device attestation is a well-established
technique, to date integrity verification of a very large number of
devices remains an open problem, due to scalability issues.
In this paper, we present SANA, the first secure and scalable protocol
for efficient attestation of large sets of devices that works under
realistic assumptions. SANA relies on a novel signature scheme to
allow anyone to publicly verify a collective attestation in constant
time and space, for virtually an unlimited number of devices. We
substantially improve existing swarm attestation schemes [5] by supporting
a realistic trust model where: (1) only the targeted devices
are required to implement attestation; (2) compromising any device
does not harm others; and (3) all aggregators can be untrusted. We
implemented SANA and demonstrated its efficiency on tiny sensor
devices. Furthermore, we simulated SANA at large scale, to assess
its scalability. Our results show that SANA can provide efficient
attestation of networks of 1,000,000 devices, in only 2.5 seconds.



Apr 26 2016

July 18, 2016, Darmstadtium, Darmstadt, Germany

[Download Call for Participation as PDF]


Workshop Focus:

Medical progress increasingly depends on analyzing large data sets. This is often prevented by data silos and stringent privacy requirements. New technologies are emerging that allow privacy-preserving collaborative analytics of medical data, even if the amounts of data are large, the security and privacy requirements remain stringent, and the data originates from multiple silos. In particular, in fields with highly sensitive data such as genomics or other health domains, the wide range of privacy-preserving analytics technologies promises to enable new and exciting applications and scientific breakthroughs.


Keynote Speakers:

  • Jim Davies (Genomics England Limited and Oxford University):
    “Security and Privacy in the UK: The 100,000 Genomes Project”
  • Roland Eils (German Center for Cancer Research (DKFZ) and University of Heidelberg): “Curse or Cure: Big Data in Health”
  • Paul Francis (MPI-SWS and Aircloak): “A Breakthrough in Anonymity X Utility for Anonymized Analytics”
  • Kate Black (23andMe): Title tba


Workshop Goals:

  • To bring stakeholders from Medicine, Law, and Technology together to get a better understanding of the full range of requirements, capabilities, and constraints.
  • To compare and contrast recent advances from a user perspective and to identify promising directions for further research and real-world validation.
  • To discuss the current state of technology and to identify remaining technical and non-technical hurdles for public adoption.


Poster Submission, Logistics and Registration:

  • Date and Venue: July 18, 2016 at the Darmstadtium, Darmstadt, Germany
  • Logistics and Registration: (Register for SPMED; regular 90EUR, Student 60EUR).
  • Call for Posters that discuss related research. Please submit A0 posters by email before June 20 (notification June 30). The workshop will not publish proceedings: The goal is to openly share and summarize progress and insights.


Organizers: Ahmad-Reza Sadeghi (TU Darmstadt and Center for Advanced Security Research Darmstadt (CASED)), Emiliano De Cristofaro (University College London), Jason Flannick (Eli and Edythe L. Broad Institute of Harvard and MIT), Michael Steiner and Matthias Schunter (Intel Labs). For inquiries or any other questions, please contact [email protected]



Aug 25 2015

“N. Asokan, Ferdinand Brasser, Ahmad Ibrahim, Ahmad-Reza Sadeghi, Matthias Schunter, Gene Tsudik, Christian Wachsmann:
SEDA: Scalable Embedded Device Attestation; In: 22nd ACM Conference on Computer and Communications Security (CCS), October 2015.”

Today, large numbers of smart interconnected devices provide safety and security
critical services for energy grids, industrial control systems, gas and oil search robots, home/office automation,
transportation, and critical infrastructure. These devices often operate in swarms — large,
dynamic, and self-organizing networks. Software integrity verification of device swarms is
necessary to ensure their correct and safe operation as well as to protect them against attacks.
However, current device attestation schemes assume a single prover device and do not scale to swarms.

We present SEDA, the first attestation scheme
for device swarms. We introduce a formal security model for swarm attestation and show security of our approach in this model.
We demonstrate two proof-of-concept implementations based on two recent (remote) attestation architectures
for embedded systems, including an Intel research platform. We assess performance of SEDA
based on these implementations and simulations of large swarms. SEDA can efficiently attest swarms with dynamic and static topologies common in automotive, avionic, industrial control and critical infrastructure settings.


Mar 30 2015

I have been invited to act as co-chair for TRUST 2015.

TRUST 2015 is an international conference on the technical and socio-economic aspects of trustworthy infrastructures. It provides an excellent interdisciplinary forum for researchers, practitioners, and decision makers to explore new ideas and discuss experiences in building, designing, using and understanding trustworthy computing systems.


Important dates:

  • Submission due: 7 May 2015
  • Notification: 10 June 2015
  • Camera ready: 21 June 2015
  • Conference: 25 August 2015


The conference solicits original papers on any aspect (technical, social or socio-economic) of the design, application and usage of trusted and trustworthy computing. Papers can address design, application and usage of trusted and trustworthy computing in a broad range of concepts including, but not limited to, trustworthy infrastructures, cloud computing, services, hardware, software and protocols.

Two types of submissions are solicited:

  • Full papers (up to 18 pages in LNCS format) that report on in-depth, mature research results;
  • Short papers (up to 9 pages in LNCS format) that describe brief results or exciting work-in-progress.


The conference includes a technical and a socioeconomic strand. Full list of topics at
New topics for 2015 are

  • Applications as well as security analysis of trusted computing. We particularly encourage early explorations and results on new paradigms or emerging technologies (e.g., Intel SGX)
  • Trust, Security and Privacy in embedded systems and IoT systems
  • Trust in the Web: protocols and implementations of mechanisms to measure and leverage trust from the web (e.g., using social networks to establish trust for other services)

Sep 26 2014

The CfP:

Important dates

31 October 2014:
Deadline for expressions of interest or position papers (via email)
and registration (form available soon)
Within the limit of room capacity, people that have submitted a position paper and registered can attend

7 November 2014:
Program and position papers posted on the workshop website

20-21 November 2014:

Expressions of interest and position papers are due 10 October. Participation is free and open to all. Learn more about how to participate.

We are currently facing the transformation of the Web towards a more mobile use. These days, more users access the internet using their mobile devices than using conventional computers (notebooks, desktops, etc). It can be observed that web based services are used on mobile devices more often and more intensely. Mobile devices tend to be always on. At the same time these mobile devices are extremely personal devices: we carry them with us almost constantly, and we use them as personal assistants, trainers, banking terminals, memory-extenders and more. Smartphones know many details about our life: They know our location, carry a unique number, pictures and other very private information. They have a microphone and a camera.

As a result, privacy is a common concern with mobile devices and the mobile Web. A recent documentary from ARTE in cooperation with the CNIL and INRIA showed how apps acquire, consume and distribute user data. Often, not all the data gathered is really needed for the functioning of the application.

As a result, the user’s trust will evolve with the issues on privacy and security in the Open Web Platform. A great potential is wasted because the lacking trust leads to collection restrictions in various forms, be it ad blockers, stickers on cameras, metallic cases, removable batteries or just regulation. Instead, we should give users more tools to allow them to feel confident and in control. On the one hand, rigid restriction will also spoil opportunities including location based services, predictive agents, statistics for better product planning, the Internet of things or big data. On the other hand, services have to take the user’s fear seriously and communicate their intentions in a comprehensive way. There will be an ever more increased need to be transparent about what happens to the users’ data.

The Workshop on trust and permissions for Web applications, which was held in Paris on 3-4 September 2014, has provided insights on a way for a roadmap towards a broad consensus on trust and permission handling for the Open Web Platform. There was agreement that browsers are in a position to examine the APIs used by a given app and apply heuristics to determine signs of attempts to “finger print” the device. This could be flagged to the user as well as to potential reviewers. Already in March, the STRINT workshop addressed issues of pervasive monitoring.

User studies have shown that users are more interested in what sites plan to do with the data they collect rather than with the full space of possibilities arising from the use of APIs. It is unreasonable to expect end users to understand lengthy terms and conditions and privacy policies. While the Paris Workshop explored models of how to delegate trust decisions, this Workshop will explore ways to directly help the user understand what is going on. This includes appropriate ways of translating complex issues involving fine grained permissions in APIs into something that users understand.

Workshop Goals & Topics

The Workshop on User Centric App Controls intends to further the discussion among stakeholders of the mobile web platform, including researchers, developers and service providers. This workshop serves to investigate strategies toward better privacy protection on the Web that are effective and lead to benefits in the near term. This includes discussing basic privacy UI features that will, in the long run, create a user experience that loops with user expectations. We expect certain controls and dashboards in a car. Perhaps we can create a similar clarity for the privacy dashboard of our devices.

The Workshop is user centric as it will also look at user experience, user behavior and how we can offer controls that provide the necessary transparency of privacy-affecting interactions. But it also addresses app developers and the need for usable and implementable APIs to address privacy protection within the Open Web Platform that allow developers to address users’ privacy needs.

State management

  • Improving the UI for stateful services, overview of states
  • Defaults for expiration of stateful situations
  • How to convey state information to the User
  • How to deal with logging and how to provide interfaces for logged data?

Mobile Interfaces

  • Requirements for private browsing on mobile
  • A privacy ontology for mobile apps and their use of personal data
  • The value of privacy in paradigms for mobile UI
  • Helpers to understand the privacy impact or a privacy policy
  • Machine assisted lying to counter unfair data requests


  • Selective release of personal information to apps
  • Controlling the geo-location interfaces, including UI challenges
  • Enforcing data expiry
  • What data should remain on the device, what can be stored into the cloud?

Who Should Attend?

  • Researchers with an interest in mobile privacy
  • UI and UX experts interested in privacy interfaces
  • Browser makers
  • App developers
  • Device vendors
  • Network operators
  • Cloud platform vendors with an interest in mobile interfaces to their services
  • Governments and regulatory agencies interested in evolving the regulatory framework for privacy to respond to mobile challenges

Questions? Rigo Wenning <[email protected]>

Sep 15 2014

“Updaticator: Updating Billions of Devices by an Efficient, Scalable and Secure Software Update Distribution Over Untrusted Cache-enabled Networks”; M. Ambrosin, C. Busold, M. Conti, A. Sadeghi, M. Schunter, accepted at ESORICS 2014.

Secure and fast distribution of software updates and patches is essential for securing systems. Today, each device downloads updates individually from a software provider distribution server. This approach does not scale to large systems with billions of devices where the network bandwidth of the server and the local Internet gateway soon become bottlenecks. Cache-enabled Network (CN) services (either proprietary, such as Akamai, or open Content-Distribution Networks) can reduce these bottlenecks. However, currently they do not offer security guarantees against potentially untrusted CN providers that try to threaten the confidentiality of the updates or the privacy of the users.
In this paper, we propose Updaticator, the first protocol for software updates over Cache-enabled Networks that is scalable to billions of concurrent device updates while being secure against malicious networks. We evaluate our proposal considering Named-Data Networking, a novel instance of Cache-enabled overlay Networks. Our analysis and experimental evaluation show that our solution removes the bottlenecks of individual device-update distribution, by reducing the network load at the distribution server from linear in the number of devices to a constant even if billions of devices are requesting updates. Furthermore, the download time is negligible due to local caching when compared to the state-of-the-art individual device-update mechanisms. Thus, our solution makes secure updates practical even for a large number of devices.

Download (PDF, 464KB)

Aug 21 2014

I am participating in the program committee of SEGS2014.


The 2nd Smart Energy Grid Security (SEGS) Workshop aims to foster innovative research and discussion about smart energy grid security and privacy challenges, approaches, and solutions. SEGS’14 takes place in Scottsdale, Arizona in conjunction with ACM CCS 2014.

SEGS seeks paper submissions from academia, industry, and government institutions presenting novel research on all theoretical and practical aspects of smart grid security and privacy, including design, analysis, experimentation, and fielded systems. We encourage submissions from other communities, such as law, economics, and HCI, that present these communities’ perspectives on technological issues.

The scope of the workshop encompasses all aspects of the smart grid, including distribution, transmission, generation, metering, e-mobility, and integration of distributed energy resources.